Add CSP, HSTS and X-Content-Type-Options

[rmsmgaspar]

This issue is unique.

• I have used the search tool and did not find an issue describing my idea.

Your idea.

Regarding webpage security, there is the need to create headers security with:
Content Security Policy (CSP)
HTTP Strict Transport Security (HSTS)
X-Content-Type-Options
Right now this is not possible with the docker version, it's possible to have this implemented or with some environment variables to input?
thanks in advance.

[igwyd]

Hello @rmsmgaspar, we add automaticaly add_header X-Content-Type-Options nosniff; and add_header Strict-Transport-Security max-age=31536000; to the nginx config if you Running ONLYOFFICE Document Server using HTTPS and we have docker variables for settings up HSTS. Regarding CSP is not implemented, i create ticket #66988 with your proposal.
BTW, you can configure any security settings yourself if you use an external proxy, our examples for proxies are here.

[rmsmgaspar]

Thanks